SSH without Port Forwarding – Remote Access without port forwarding

| |

Remote Access without Port Forwarding – SSH from outside LAN

In this tutorial, I will show you how you can gain remote access without port forwarding. I will be showing you how you can SSH without port forwarding from outside your LAN and reach your device within the private network!

Design your own PCBs for your Pet Project! Try out Altium PCB Designer

What is SSH?

Let us start with what is SSH? What is an agent? And why we use it. SSH stands for Secure Shell which is a cryptographic network protocol for operating network services securely over an insecure network. It is an Application Layer Protocol which is the seventh layer of the OSI model. The Application layer supports several other services such as Telnet, SMTP, file transfer, web surfing, webchats, email clients, network data sharing, virtual terminals, and various files and data operations.

How Does SSH Work?

SSH connects from client applications such as Putty to an SSH server such as OpenSSH  Server. SSH was designed to be a replacement for telnet which is also an application layer protocol due to security reasons as Telnet sessions were unencrypted; which sent all the information in plain text.

What are the Uses of SSH?

SSH can be used to transmit data commands, text, and even files (Uses SFTP which is an encrypted version of FTP) in encrypted form which makes man in the middle attacks not possible. SSH works worldwide provided that the port number on the server is correctly port forwarded. It can also work and a bunch of different platforms such as windows, Linux, and also any of the devices that run Linux and have an SSH Server installed such as android, routers, switches, MAC, I Phone etc

Problems with Remote Access Using SSH

Most of us are facing a common problem of not being able to access office PC or any local device for that matter since they are behind some kind of very restrictive corporate firewall, or behind a router. For most of us, our office PC is behind a firewall which is connected to Internet. The problem here is, it wont allow any incoming traffic from the Internet to the internal network by default. Which means you can connect remote hosts on Internet from your office PC connected to the office internal network, but remote devices wont be able to connect to your office PC or ssh without port forwarding.

How to SSH to a Device with in a LAN from the Internet?

This is a massive headache if you have to access your files and other materials from within our office PC from your home network and/or SSH without Port Forwarding. A solution? Well there are various methods to connect to a device behind a router/firewall.

  • Adding a Firewall Rule

Add a firewall rule that accepts connection from a specific remote IP address to a specific port and redirect it to your office PC allows you to ssh without port forwarding.

  • Port Forwarding

Port Forwarding is a mechanism that is used to permit external device access to services on local networks / private networks. Port forwarding is a technique used by devices such as routers used to separate overall network traffic thereby improving overall network speed and provide a definite path for different data to reach their destination. To better understand port forwarding, it would good if we take a closer look at the IP Address and working of the internet.

Types of IP Address

There are mainly 2 types of IP address.
Public IP and Private IP

Public IP address is an IP address that can be accessed over the Internet. This IP address is unique throughout the internet.

Private IP address are addresses that are assigned to computers within your private network or LAN. This IP address is unique to a network. Private IP addresses are not directly exposed to the Internet. That means we cannot access any device outside our LAN using its private IP address.

SSH without port forwarding

If we want internet connection in our home, we contact an ISP. ISP is an Organization that provides us access to the internet. For example Asianet , BSNL etc. ISP gives us an IP address which can be used for accessing the internet. Modem simply demodulates the incoming packets and modulates the outgoing packets. If we have a single PC, we can directly connect modem to that PC.

In the case of SSH connections, from some one outside the LAN, they will use your public IP to connect your network. In the router you configure port forwarding and tell you router that “If any packets is received through port 22 (default port used by SSH), forward it to <my_private_IP>”.

This way you can establish a connection to a machine with in the local network from the internet.

Reverse SSH

As mentioned earlier, the firewall rejects ssh connection that an external machine is trying to establish with the remote machine. But what if the connection requset is originating from the remote host behind the network? The firewall will let the connection request to pass through it. This is what we do in Reverse SSH. This method is can also allow you to ssh without port forwarding. This is a big topic and will be discussed in the future post.

Ngrok

Ngrok is an service that enables us to connect to any device (inside LAN or internet facing) through any network with out port forwarding. One key advantage of using ngrok is that, you dont have to be local network as your device to access them. You can SSH without Port Forwarding, use FTP or access a webserver on your local network using ngrok.

So How does Ngrok Work? Well, the work of Ngrok has been clearly explained in the previous post. If you are interested in learning more about it, you can click here. Now you know what ngrok is and what it can do. Let us use Ngrok to set up the Office PC to accept SSH without port forwarding from a remote device.

Before diving into the main content, I will be a good idea to know a little bit about SSH. SSH is also known as Secure Socket Shell. SSH is a protocol that enables users to access a remote PC in a secure manner. SSH do this by providing a strong authentication mechanism and encryption mechanism to encrypt the data that is being transferred between two computers. Even though we are using insecure networks such as public WiFi networks or library networks, we are still safe due to the encryption provided by SSH. Even if the attacker sniff the traffic, he finds nothing but gibberish and scrambled data. Without the key, he wont be able to decrypt it. SSH is widely used by network administrators for logging into remote systems and access data and resources, access remote applications execute commands in remote devices.

SSH without Port Forwarding

Here, I will show you a simple example using ngrok to gain Remote Access without Port Forwarding. I will start SSH server (port 22) on my Office PC inside the office network, set up ngrok on my office PC and SSH it from outside the LAN using the Ngrok link.

Step 1 – Set up an Account

Follow this link and create an Account in Ngrok.

Once you complete Sign up Process, you will be provided with an ‘authtoken’ which can be used to connect your Raspberry Pi to your Ngrok account. Take a note of it.

Remote Access without Port Forwarding

Step 2 – Download Ngrok

Download Ngrok on your pi. 

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip

Now extract the file using

unzip ngrok-stable-linux-amd64.zip

If everything goes well, you will see a file named “ngrok”

Remote Access without Port Forwarding

Step 3 – Connect your Account

Run the below command to set your ‘authtoken’

./ngrok authtoken 4BSL861jeVz9wt7AM91QM_aksO43YvcKgmtC4pxv

Step 4 – Start ngrok

Now you can run ngrok

./ngrok TCP 22

Now you will see something like this

Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.ngrok.io:36428 -> localhost:22

The above line indicates that any connection to ‘0.tcp.ngrok.io’ to port 36428 will be redirected to the machine in which it is running to port 22.

Step 5 – Connect to your Office PC from a Remote PC

Now you can easily connect your device from a remote computer using the command

ssh user@0.tcp.ngrok.io -p 36428

Thats it. You will be connected to the office PC in no time. This is how you ssh without port forwarding. That means you can gain Remote Access without Port Forwarding.

Rate the Project

Did you find this page useful? Help us to improve by rating this page.

[RICH_REVIEWS_FORM category=”projects”]
[RICH_REVIEWS_SNIPPET stars_only=”true”]

[AdSense-B]

Similar Posts

Access Local Device without Port Forwarding – Ngrok Working & Setup
| |

Access Local Device without Port Forwarding – Ngrok Working & Setup

  Access Local device without Port Forwarding ngrok is an service that enables us to connect to any device (inside LAN or internet facing) through any network with out port forwarding. One key advantage of using ngrok is that, you dont have to be local network as your device to access them. You can SSH, use…

L293D Piggyback for High Current Motors|High Current DC Motor Driver
| | | |

L293D Piggyback for High Current Motors|High Current DC Motor Driver

L293D Piggyback Introduction Months before, I pubished a post about H Bridge and L293D Motor Driver IC – What a H-bridge and L293D motor is and how to use it to control DC motors. If you are interested, please feel free to check out the post. In this post, I will tell you about L293D…

Leave a Reply

Your email address will not be published. Required fields are marked *